diff mbox series

[1/2] crypto: check gnutls & gcrypt support the requested pbkdf hash

Message ID 20240830110533.2544070-2-berrange@redhat.com
State New
Headers show
Series crypto: misc pbkdf fixes for testing & algorithm compat | expand

Commit Message

Daniel P. Berrangé Aug. 30, 2024, 11:05 a.m. UTC
Both gnutls and gcrypt can be configured to exclude support for certain
algorithms via a runtime check against system crypto policies. Thus it
is not sufficient to have a compile time test for hash support in their
pbkdf implementations.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/pbkdf-gcrypt.c | 2 +-
 crypto/pbkdf-gnutls.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Philippe Mathieu-Daudé Sept. 2, 2024, 7:43 p.m. UTC | #1
On 30/8/24 13:05, Daniel P. Berrangé wrote:
> Both gnutls and gcrypt can be configured to exclude support for certain
> algorithms via a runtime check against system crypto policies. Thus it
> is not sufficient to have a compile time test for hash support in their
> pbkdf implementations.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   crypto/pbkdf-gcrypt.c | 2 +-
>   crypto/pbkdf-gnutls.c | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
diff mbox series

Patch

diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c
index a8d8e64f4d..bc0719c831 100644
--- a/crypto/pbkdf-gcrypt.c
+++ b/crypto/pbkdf-gcrypt.c
@@ -33,7 +33,7 @@  bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
     case QCRYPTO_HASH_ALG_SHA384:
     case QCRYPTO_HASH_ALG_SHA512:
     case QCRYPTO_HASH_ALG_RIPEMD160:
-        return true;
+        return qcrypto_hash_supports(hash);
     default:
         return false;
     }
diff --git a/crypto/pbkdf-gnutls.c b/crypto/pbkdf-gnutls.c
index 2dfbbd382c..911b565bea 100644
--- a/crypto/pbkdf-gnutls.c
+++ b/crypto/pbkdf-gnutls.c
@@ -33,7 +33,7 @@  bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
     case QCRYPTO_HASH_ALG_SHA384:
     case QCRYPTO_HASH_ALG_SHA512:
     case QCRYPTO_HASH_ALG_RIPEMD160:
-        return true;
+        return qcrypto_hash_supports(hash);
     default:
         return false;
     }